Business Systems Consultant 5 - Security Code Review Infrastructure, Technology & Reporting

Job Description

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.

Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Business Systems Consultant position will support the SCR Infrastructure, Technology & Reporting (IT&R) team, which works as the backbone and key support and reporting structure to Wells Fargo critical security code review processes. The SCR IT&R team manages infrastructure, review automation, data repositories, review workflow platforms, reporting platforms, and more that support the security review, review workflow and risk reporting of over 150 million lines of code annually. In addition to independent core systems, workflow integrations exist in certain SCR workflow and reporting platforms with non-SCR core central systems of record. SCR IT&R provides core capabilities for review of 800 critical applications, over 150 million lines of code, internally hosted and vendor hosted applications, supporting local, vendor-integrated, and remote review capabilities.

The SCR IT&R capabilities encompass over 40 servers with both Microsoft and Java-based technologies, 7 core applications, 2 databases (SQL Server and Oracle), with an evolving architecture expected to support security code review services that demonstrate continuous annual growth. This technology framework is set to positively enable and support the Wells Fargo SCR application security review roadmap.

This position will play a key role ensuring SCR follows standard processes and procedures, is accurately represented across various reporting platforms, and is well positioned against emerging vulnerabilities. The successful candidate will have excellent interpersonal communication skills and be able to understand technical details as they relate to security, infrastructure, and technology. They should be able to handle multiple tasks concurrently, managing details and resources for various SCR projects and initiatives. Additionally, the candidate should be able to effectively work well with other lines of business to resolve issues. Other essential duties of this role include managing, coordinating, and scheduling changes, releases, upgrades, patches, and Business Continuity Planning (BCP) exercises using Pac2000 and other tools/systems.

Required Qualifications

  • 7+ years of business systems analysis experience, business systems design experience, or a combination of both
  • 3+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
  • 3+ years of Remedy experience
  • 3+ years of PAC2000 Change Management experience

Desired Qualifications

  • Excellent verbal, written, and interpersonal communication skills
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
  • Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization
  • Ability to translate and present complex technical data across technical and non-technical groups
  • Ability to translate and summarize complex data into understandable, actionable information and recommendations
  • Knowledge and understanding of security consulting on complex issues related to data access, integrity, confidentiality and business continuity

Other Desired Qualifications
  • Knowledge of application security as it relates to development, infrastructure, data classifications, policy, etc.
  • Knowledge and understanding of SPARC (Security Planning & Assessment of Risks / Controls)
  • 1+ years of experience using Microsoft Office, Project, and Visio
Job Expectations

  • Ability to work additional hours as needed


    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.

    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Share this Job

Other Locations For This Job